huml
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the `@huml-lang/huml` npm package. This package is managed by an unverified organization not present in the trusted sources list, which introduces a supply chain risk if the package contains malicious code.
- [COMMAND_EXECUTION] (MEDIUM): The skill documentation instructs the agent to run `node scripts/validate.mjs`. While this is presented as a bundled validation utility, the script file is missing from the provided skill files, meaning its behavior is unverifiable and could execute unauthorized system commands.
- [PROMPT_INJECTION] (LOW): The skill is designed to ingest and parse HUML documents, creating a surface for Indirect Prompt Injection (Category 8). An attacker could embed instructions within a HUML file that the agent might inadvertently follow during processing.
  - Ingestion points: User-provided `.huml` files passed to the validation script or read for conversion.
  - Boundary markers: Absent. The skill does not define specific delimiters or instructions to the LLM to ignore embedded commands within the markup.
  - Capability inventory: The skill uses the `node` environment to execute scripts, which has full access to the local file system and network.
  - Sanitization: No sanitization or validation logic for the content of the HUML files is described in the documentation.
Audit Metadata